Vulnerability Details: CVE-2019-20445
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Products affected by CVE-2019-20445
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_amq_clients:2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:spark:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:spark:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-20445
- EPSS score: 0.30% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~69% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2019-20445
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST |
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 | NIST |
CWE ids for CVE-2019-20445
- The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2019-20445
- https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E
  [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink - Pony Mail [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0601
  RHSA-2020:0601 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
  [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image - Pony Mail [Mailing List; Third Party Advisory]
- https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final
  Comparing netty-4.1.43.Final...netty-4.1.44.Final · netty/netty · GitHub [Patch; Release Notes; Third Party Advisory]
- https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5@%3Cissues.zookeeper.apache.org%3E
  [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html
  [SECURITY] [DLA 2365-1] netty-3.9 security update [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] phunt opened a new pull request #1246: ZOOKEEPER-3716: upgrade netty 4.1.42 to address CVE-2019-20444 CVE-20… - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/rbdb59c683d666130906a9c05a1d2b034c4cc08cda7ed41322bd54fe2@%3Cissues.flume.apache.org%3E
  [jira] [Commented] (FLUME-3363) CVE-2019-20445 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] phunt opened a new pull request #1245: ZOOKEEPER-3716: upgrade netty 4.1.42 to address CVE-2019-20444 CVE-20… - Pony Mail [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0567
  RHSA-2020:0567 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.apache.org/thread.html/r81700644754e66ffea465c869cb477de25f8041e21598e8818fc2c45@%3Cdev.zookeeper.apache.org%3E
  Re: [VOTE] Apache ZooKeeper release 3.6.0 candidate 1 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593@%3Cissues.zookeeper.apache.org%3E
  [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E
  [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3716: upgrade netty 4.1.42 to address CVE-2019-20444 CVE-20… - Pony Mail [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0606
  RHSA-2020:0606 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://usn.ubuntu.com/4532-1/
  USN-4532-1: Netty vulnerabilities | Ubuntu security notices | Ubuntu [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0605
  RHSA-2020:0605 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://www.debian.org/security/2021/dsa-4885
  Debian -- Security Information -- DSA-4885-1 netty [Third Party Advisory]
- https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d@%3Cdev.geode.apache.org%3E
  Proposal to bring GEODE-7969 to support/1.12 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E
  [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities - Pony Mail [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0497
  RHSA-2020:0497 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08@%3Cissues.zookeeper.apache.org%3E
  [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d@%3Cissues.zookeeper.apache.org%3E
  [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E
  [zookeeper] branch branch-3.5.7 updated: ZOOKEEPER-3716: upgrade netty 4.1.42 to address CVE-2019-20444 CVE-20… - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 - Pony Mail [Mailing List; Third Party Advisory]
- https://github.com/netty/netty/issues/9861
  Non-proper handling of Content-Length and Transfer-Encoding: chunked headers · Issue #9861 · netty/netty · GitHub [Exploit; Issue Tracking; Patch; Third Party Advisory]
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
  [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list - Pony Mail [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0805
  RHSA-2020:0805 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E
  [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E
  [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/rb5c065e7bd701b0744f9f28ad769943f91745102716c1eb516325f11@%3Cissues.spark.apache.org%3E
  [jira] [Created] (SPARK-31095) Upgrade netty version to fix security vulnerabilities - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r4ff40646e9ccce13560458419accdfc227b8b6ca4ead3a8a91decc74@%3Cissues.flume.apache.org%3E
  [jira] [Created] (FLUME-3363) CVE-2019-20445 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114@%3Ccommits.druid.apache.org%3E
  Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62@%3Cissues.zookeeper.apache.org%3E
  Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f@%3Cdev.geode.apache.org%3E
  Re: Proposal to bring GEODE-7969 to support/1.12 - Pony Mail [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0806
  RHSA-2020:0806 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986@%3Cdev.zookeeper.apache.org%3E
  [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 - Pony Mail [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0804
  RHSA-2020:0804 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E
  [zookeeper] branch release-3.6.0 updated: ZOOKEEPER-3716: upgrade netty 4.1.42 to address CVE-2019-20444 CVE-20… - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E
  [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E
  [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3716: upgrade netty 4.1.42 to address CVE-2019-20444 CVE-20… - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
  [SECURITY] [DLA 2109-1] netty security update [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9@%3Cissues.zookeeper.apache.org%3E
  [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E
  Pony Mail [Mailing List; Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
  [SECURITY] [DLA 2364-1] netty security update [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a@%3Cissues.zookeeper.apache.org%3E
  [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E
  [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r46f93de62b1e199f3f9babb18128681677c53493546f532ed88c359d@%3Creviews.spark.apache.org%3E
  [GitHub] [spark] dongjoon-hyun commented on issue #27870: [SPARK-31095][BUILD][2.4] Upgrade netty-all to 4.1.47.Final - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
  [SECURITY] Fedora 33 Update: netty-4.1.51-1.fc33 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r030beff88aeb6d7a2d6cd21342bd18686153ce6e26a4171d0e035663@%3Cissues.flume.apache.org%3E
  Pony Mail [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0811
  RHSA-2020:0811 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
  [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6 - Pony Mail [Mailing List; Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
  [SECURITY] [DLA 2110-1] netty-3.9 security update [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E
  [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink - Pony Mail [Mailing List; Third Party Advisory]